Multi-layer switch hardware commutation across various layers Mario Baldi Politecnico di Torino http://staff.polito.it/mario.baldi Based on chapter 10 of: M. Baldi, P. Nicoletti, Switched LAN, McGraw-Hill, 2002, ISBN 88-386-3426-2 10_MLSwitching Copyright 2002 - M. Baldi - P. Nicoletti: see page 2
Copyright notice This set of transparencies, hereinafter referred to as slides, is protected by copyright laws and provisions of International Treaties. The title and copyright regarding the slides (including, but not limited to, each and every image, photography, animation, video, audio, music and text) are property of the authors specified on page 1. The slides may be reproduced and used freely by research institutes, schools and Universities for non-profit, institutional purposes. In such cases, no authorization is requested. Any total or partial use or reproduction (including, but not limited to, reproduction on magnetic media, computer networks, and printed reproduction) is forbidden, unless explicitly authorized by the authors by means of written license. Information included in these slides is deemed as accurate at the date of publication. Such information is supplied for merely educational purposes and may not be used in designing systems, products, networks, etc. In any case, these slides are subject to changes without any previous notice. The authors do not assume any responsibility for the contents of these slides (including, but not limited to, accuracy, completeness, enforceability, updated-ness of information hereinafter provided). In any case, accordance with information hereinafter included must not be declared. In any case, this copyright notice must never be removed and must be reported even in partial uses. 10_MLSwitching - 2
Layer 4 Switches Hardware processing of layer 4 information Actually TCP and UDP ports Often for filtering and/or classification (not routing) Rules matching to identify packets to process in a specific way Packets are inserted in a specific queue Discard Forwarding using a specific interface (not common) These rules are established during configuration Wire speed functionality on 10 Gigabit Ethernet Traditional routers implement filtering functionalities by software with a considerable performance reduction For instance, Access Control Lists implementations Commercial devices are Multi-Layer Switches 10_MLSwitching - 35
Motivations for Layer 7 Switches: issues coming from the Internet success Many simultaneous accesses to a server Usually a web server Portals Yahoo, Netscape Real time news CNN, La Stampa Software availability Microsoft Search engines Google, Yahoo Internet 10_MLSwitching - 36
The solution Server load balancing An An uniform distribution of of requests between servers creates a virtual virtual server server which capability is is equal to to the the sum sum of of the the capabilities of of the the single servers Layer 7 switch Application layer switch Content aware router Server load balancer Server farm farm The The usage of of different server is is cheaper that that the the realization of of a single server having the the same capabilities Internet 10_MLSwitching - 37
Application Layer Switches Requests distribution implies a content based forwarding Forwarding based on application layer information Need for high performances The servers in the server farm have GE or 10GE interfaces Hardware (ASIC) for layer 7 processing Layer 7 Switches/Application Layer Switches The devices on the market are multi-layer switches 10_MLSwitching - 38
Functionalities An IP address identifies the virtual server IP packets containing a request reach a layer 7 switch on the path up to the server farm A layer 7 switch processes the request and decides to which physical server the related IP packets will be forwarded In some applications the server keeps information about the client following interactions with the same server For instance, shopping chart Sticky conncetions Access limitations Implementation of access policies Rules matching and filtering procedures 10_MLSwitching - 39
Choice of the physical server Identical physical servers Each server keeps a copy of the same data Weighted round robin New requests are distributed over servers by turns Weighted least connections A new request is assigned to the server that is processing the smallest number of requests A weight helps to keep in count different performances Different physical servers The data stored in the virtual server is distributed over different servers Welcome page replicated on different servers Other pages, distributed over different servers The choice of the servers depends on the content Requests distribution results in load balancing 10_MLSwitching - 40
Layer 7 processing: not only a new header to analyze Client Server SYN SYN/ACK ACK GET URL Dati Subsequent exchanges of requests and answers Connection closure 10_MLSwitching - 41
Connection closure Client Layer 7 Switch Server SYN SYN/ACK ACK GET URL SYN SYN/ACK ACK GET URL Dati Dati 10_MLSwitching - 42
Consequences Heavy work to keep TCP connections Acknowledgements processing Storage of state information Storage of the packets in the windows Sent, but still not confirmed Hard to implement in hardware Performance indexes Maximum number of opened connections About a few hundred thousands Maximum number of new connections for second About a few ten thousands 10_MLSwitching - 43
Shortcuts They are possible when requests forwarding is not really based on content Weighted round robin, weighted least connections Destination port Isolate the messages that open the connection SYN Forward to the real server chosen The connection is directly opened with the real server Control if the opening of the connection is successful Control if the closure of the connection is successful Useful mostly when in weighted least connections mode 10_MLSwitching - 44
Advanced functionalities Periodical checks to verify if the real servers are working Proper answer to SYN messages Collect and process statistical data Faulty real servers are excluded Periodical checks to verify if the faulty servers work Pending requests assigned to faulty servers are assigned to other servers Fault protection Controls and statistics based on SYN messages are used to avoid Denial of Service (DoS) attacks Layer 7 switch: load balancing More than one devices working simultaneously Coordination and division of requests load 10_MLSwitching - 45
Advanced functionalities Layer 7 Switches redundancy If a device stops working or is isolated, the other ones replace it Stateless failover: connections must be initialized again Stateful failover: the backup switch knows the state of the primary one: no need to initialized connections again Very complex Verification of the balancing efficiency Traffic analysis to estimate the answering time of the server An agent executed on the server keeps state information and sends it to the layer 7 switch Non-standard protocol used to communicate with the server 10_MLSwitching - 46
Content Delivery Network (CDN) Generalization of the load balancing concept The Server farm is distributed over the network The forwarding is based on the content of the requests The content delivered is close to the users Reduction of the answering time Content Delivery Network 10_MLSwitching - 47
Something more than a different application mode At first Layer 7 switches were the basis of the CDNs Advanced routing functionalities are needed Routing protocols to spread information about contents position Almost brand new functionalities Current solutions based on tricks Lower complexity Lower efficiency Modifications to DNS (Domain Name Service) A name is related to several addresses The address provided is the one of the closest server to the requester Modified URLs (Universal Resource Locator) Solution adopted by Akamai 10_MLSwitching - 48